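// This script is used to work out where the SendMsg routine (sending a message to a friend) is located; starting from the point 41322198 found via protobuf, it adds logging to the functions on the call stack.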


//
// My_MsgToBrobufL6_17D7160  函数
//

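// Entry probe for the function at main-module RVA 17D7160 (numbers in these
// expressions are hexadecimal). Break condition "0" means the debugger never
// pauses here; the breakpoint exists only for its log line and its command.
My_MsgToBrobufL6_17D7160_Start$ = mod.main()+17D7160
bp My_MsgToBrobufL6_17D7160_Start$, "My_MsgToBrobufL6_17D7160_Start"
bpcnd My_MsgToBrobufL6_17D7160_Start$ , "0"
// Reset the marker on every entry so a value left over from an earlier call
// cannot satisfy the End probe's log condition.
SetBreakpointCommand My_MsgToBrobufL6_17D7160_Start$, "TargetAddr$=0"
// The command condition defaults to the break condition ("0" above), so the
// command only runs if its own condition is set explicitly.
SetBreakpointCommandCondition My_MsgToBrobufL6_17D7160_Start$, "1"
//bplogcondition My_MsgToBrobufL6_17D7160_Start$, "1" "mod.rva([ecx+0x10])==17D7160"
// Log only when the RVA of the dword read from [ecx+0x10] is 26C6B40, the RVA
// that the next section labels My_MsgToBrobufL5_26C6B40.
bplogcondition My_MsgToBrobufL6_17D7160_Start$, "mod.rva([ecx+0x10])==26C6B40"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobufL6_17D7160_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL6_17D7160 Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobufL6_17D7160_Start$ , "My_MsgToBrobufL6_17D7160_Start"


// The "call esi" in the middle of the function.
My_MsgToBrobufL6_17D7160_mid1$ = mod.main()+17D7182
bp My_MsgToBrobufL6_17D7160_mid1$, "My_MsgToBrobufL6_17D7160_mid1"
bpcnd My_MsgToBrobufL6_17D7160_mid1$ , "0"
//bplogcondition My_MsgToBrobufL6_17D7160_mid1$, "1"
// Remember which target this call dispatches to; the End probe tests the value.
SetBreakpointCommand My_MsgToBrobufL6_17D7160_mid1$, "TargetAddr$=mod.rva(esi)"
// Same reason as on the entry probe: with break condition "0" the command needs
// an explicit command condition to run.
SetBreakpointCommandCondition My_MsgToBrobufL6_17D7160_mid1$, "1"
// NOTE(review): TargetAddr$ is a single script-wide variable, so calls running
// on several threads at once can overwrite each other's marker between this
// probe and the End probe; compare the tid fields in the log when in doubt.
bplogcondition My_MsgToBrobufL6_17D7160_mid1$, "mod.rva(esi)==26C6B40"
bplog My_MsgToBrobufL6_17D7160_mid1$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL6_17D7160 mid call esi_RVA={mod.rva(esi)} , targetAddr=My_MsgToBrobufL5_26C6B40 "


// Exit probe at RVA 17D7187, five bytes after the mid probe. It logs only when
// the mid probe recorded 26C6B40 as the call target for this pass.
My_MsgToBrobufL6_17D7160_End$ = mod.main()+17D7187
bp My_MsgToBrobufL6_17D7160_End$, "My_MsgToBrobufL6_17D7160_End"
bpcnd My_MsgToBrobufL6_17D7160_End$ , "0"
//bplogcondition My_MsgToBrobufL6_17D7160_End$, "1"
bplogcondition My_MsgToBrobufL6_17D7160_End$, "TargetAddr$==26C6B40"
bplog My_MsgToBrobufL6_17D7160_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL6_17D7160 End ...  "
labelset My_MsgToBrobufL6_17D7160_End$ , "My_MsgToBrobufL6_17D7160_End"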


//
//My_MsgToBrobufL5_26C6B40
//

// Entry probe for the function at main-module RVA 26C6B40. Break condition "0"
// keeps the debuggee running; log condition "1" writes a line on every hit.
My_MsgToBrobufL5_26C6B40_Start$ = mod.main()+26C6B40
bp My_MsgToBrobufL5_26C6B40_Start$, "My_MsgToBrobufL5_26C6B40_Start"
bpcnd My_MsgToBrobufL5_26C6B40_Start$ , "0"
bplogcondition My_MsgToBrobufL5_26C6B40_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobufL5_26C6B40_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL5_26C6B40 Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobufL5_26C6B40_Start$ , "My_MsgToBrobufL5_26C6B40_Start"


// The "call esi" in the middle of the function.
My_MsgToBrobufL5_26C6B40_mid1$ = mod.main()+26C6BED
bp My_MsgToBrobufL5_26C6B40_mid1$, "My_MsgToBrobufL5_26C6B40_mid1"
bpcnd My_MsgToBrobufL5_26C6B40_mid1$ , "0"
bplogcondition My_MsgToBrobufL5_26C6B40_mid1$, "1"
// Logged unconditionally: the targetAddr text is a fixed string, so compare it
// with the esi_RVA value on the same line to see whether this call went there.
bplog My_MsgToBrobufL5_26C6B40_mid1$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL5_26C6B40 mid call esi_RVA={mod.rva(esi)} , targetAddr=My_MsgToBrobufL4_271F24E "


// Exit probe at RVA 26C6BFA.
My_MsgToBrobufL5_26C6B40_End$ = mod.main()+26C6BFA
bp My_MsgToBrobufL5_26C6B40_End$, "My_MsgToBrobufL5_26C6B40_End"
bpcnd My_MsgToBrobufL5_26C6B40_End$ , "0"
bplogcondition My_MsgToBrobufL5_26C6B40_End$, "1"
bplog My_MsgToBrobufL5_26C6B40_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL5_26C6B40 End ...  "
labelset My_MsgToBrobufL5_26C6B40_End$ , "My_MsgToBrobufL5_26C6B40_End"




//
//My_MsgToBrobufL4_271F24E
//

// Entry probe at main-module RVA 271F24E: never breaks ("0"), always logs ("1").
My_MsgToBrobufL4_271F24E_Start$ = mod.main()+271F24E
bp My_MsgToBrobufL4_271F24E_Start$, "My_MsgToBrobufL4_271F24E_Start"
bpcnd My_MsgToBrobufL4_271F24E_Start$ , "0"
bplogcondition My_MsgToBrobufL4_271F24E_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobufL4_271F24E_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL4_271F24E Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobufL4_271F24E_Start$, "My_MsgToBrobufL4_271F24E_Start"


// Exit probe at RVA 271F6D8; pair it with the Start line by tid and time.
My_MsgToBrobufL4_271F24E_End$ = mod.main()+271F6D8
bp My_MsgToBrobufL4_271F24E_End$, "My_MsgToBrobufL4_271F24E_End"
bpcnd My_MsgToBrobufL4_271F24E_End$ , "0"
bplogcondition My_MsgToBrobufL4_271F24E_End$, "1"
bplog My_MsgToBrobufL4_271F24E_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL4_271F24E End ...  "
labelset My_MsgToBrobufL4_271F24E_End$, "My_MsgToBrobufL4_271F24E_End"




//
// My_MsgToBrobufL3_26B738B
//

// Entry probe at main-module RVA 26B738B: never breaks ("0"), always logs ("1").
My_MsgToBrobufL3_26B738B_Start$ = mod.main()+26B738B
bp My_MsgToBrobufL3_26B738B_Start$, "My_MsgToBrobufL3_26B738B_Start"
bpcnd My_MsgToBrobufL3_26B738B_Start$ , "0"
bplogcondition My_MsgToBrobufL3_26B738B_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobufL3_26B738B_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL3_26B738B Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobufL3_26B738B_Start$, "My_MsgToBrobufL3_26B738B_Start"


// Exit probe at RVA 26B745E; pair it with the Start line by tid and time.
My_MsgToBrobufL3_26B738B_End$ = mod.main()+26B745E
bp My_MsgToBrobufL3_26B738B_End$, "My_MsgToBrobufL3_26B738B_End"
bpcnd My_MsgToBrobufL3_26B738B_End$ , "0"
bplogcondition My_MsgToBrobufL3_26B738B_End$, "1"
bplog My_MsgToBrobufL3_26B738B_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL3_26B738B End ...  "
labelset My_MsgToBrobufL3_26B738B_End$, "My_MsgToBrobufL3_26B738B_End"




//
// My_MsgToBrobufL2_2769C78
//

// Entry probe at main-module RVA 2769C78: never breaks ("0"), always logs ("1").
My_MsgToBrobufL2_2769C78_Start$ = mod.main()+2769C78
bp My_MsgToBrobufL2_2769C78_Start$, "My_MsgToBrobufL2_2769C78_Start"
bpcnd My_MsgToBrobufL2_2769C78_Start$ , "0"
bplogcondition My_MsgToBrobufL2_2769C78_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobufL2_2769C78_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL2_2769C78 Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobufL2_2769C78_Start$, "My_MsgToBrobufL2_2769C78_Start"


// Exit probe at RVA 276A4BA; pair it with the Start line by tid and time.
My_MsgToBrobufL2_2769C78_End$ = mod.main()+276A4BA
bp My_MsgToBrobufL2_2769C78_End$, "My_MsgToBrobufL2_2769C78_End"
bpcnd My_MsgToBrobufL2_2769C78_End$ , "0"
bplogcondition My_MsgToBrobufL2_2769C78_End$, "1"
bplog My_MsgToBrobufL2_2769C78_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobufL2_2769C78 End ...  "
labelset My_MsgToBrobufL2_2769C78_End$, "My_MsgToBrobufL2_2769C78_End"




//
// My_MsgToBrobufL1_2768635
//

// Entry probe at main-module RVA 2768635: never breaks ("0"), always logs ("1").
// The log text below uses the prefix "My_MsgToBrobuf0_L1_2768635", while the
// variable and label use "My_MsgToBrobufL1_2768635"; search the log for the former.
My_MsgToBrobufL1_2768635_Start$ = mod.main()+2768635
bp My_MsgToBrobufL1_2768635_Start$, "My_MsgToBrobufL1_2768635_Start"
bpcnd My_MsgToBrobufL1_2768635_Start$ , "0"
bplogcondition My_MsgToBrobufL1_2768635_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobufL1_2768635_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf0_L1_2768635 Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobufL1_2768635_Start$, "My_MsgToBrobufL1_2768635_Start"


// Exit probe at RVA 2768778; pair it with the Start line by tid and time.
My_MsgToBrobufL1_2768635_End$ = mod.main()+2768778
bp My_MsgToBrobufL1_2768635_End$, "My_MsgToBrobufL1_2768635_End"
bpcnd My_MsgToBrobufL1_2768635_End$ , "0"
bplogcondition My_MsgToBrobufL1_2768635_End$, "1"
bplog My_MsgToBrobufL1_2768635_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf0_L1_2768635 End ...  "
labelset My_MsgToBrobufL1_2768635_End$, "My_MsgToBrobufL1_2768635_End"





//
// My_MsgToBrobuf1_L1_389A10D
//

// Entry probe at main-module RVA 389A10D: never breaks ("0"), always logs ("1").
My_MsgToBrobuf1_L1_389A10D_Start$ = mod.main()+389A10D
bp My_MsgToBrobuf1_L1_389A10D_Start$, "My_MsgToBrobuf1_L1_389A10D_Start"
bpcnd My_MsgToBrobuf1_L1_389A10D_Start$ , "0"
bplogcondition My_MsgToBrobuf1_L1_389A10D_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobuf1_L1_389A10D_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf1_L1_389A10D Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobuf1_L1_389A10D_Start$, "My_MsgToBrobuf1_L1_389A10D_Start"


// Exit probe at RVA 389A153; pair it with the Start line by tid and time.
My_MsgToBrobuf1_L1_389A10D_End$ = mod.main()+389A153
bp My_MsgToBrobuf1_L1_389A10D_End$, "My_MsgToBrobuf1_L1_389A10D_End"
bpcnd My_MsgToBrobuf1_L1_389A10D_End$ , "0"
bplogcondition My_MsgToBrobuf1_L1_389A10D_End$, "1"
bplog My_MsgToBrobuf1_L1_389A10D_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf1_L1_389A10D End ...  "
labelset My_MsgToBrobuf1_L1_389A10D_End$, "My_MsgToBrobuf1_L1_389A10D_End"





//
// My_MsgToBrobuf2_L1_3897ADB
//

// Entry probe at main-module RVA 3897ADB: never breaks ("0"), always logs ("1").
My_MsgToBrobuf2_L1_3897ADB_Start$ = mod.main()+3897ADB
bp My_MsgToBrobuf2_L1_3897ADB_Start$, "My_MsgToBrobuf2_L1_3897ADB_Start"
bpcnd My_MsgToBrobuf2_L1_3897ADB_Start$ , "0"
bplogcondition My_MsgToBrobuf2_L1_3897ADB_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobuf2_L1_3897ADB_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf2_L1_3897ADB Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobuf2_L1_3897ADB_Start$, "My_MsgToBrobuf2_L1_3897ADB_Start"


// Exit probe at RVA 3897BE5; pair it with the Start line by tid and time.
My_MsgToBrobuf2_L1_3897ADB_End$ = mod.main()+3897BE5
bp My_MsgToBrobuf2_L1_3897ADB_End$, "My_MsgToBrobuf2_L1_3897ADB_End"
bpcnd My_MsgToBrobuf2_L1_3897ADB_End$ , "0"
bplogcondition My_MsgToBrobuf2_L1_3897ADB_End$, "1"
bplog My_MsgToBrobuf2_L1_3897ADB_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf2_L1_3897ADB End ...  "
labelset My_MsgToBrobuf2_L1_3897ADB_End$, "My_MsgToBrobuf2_L1_3897ADB_End"






//
// My_MsgToBrobuf3_L1_29DEA1
//

// Entry probe at main-module RVA 29DEA1: never breaks ("0"), always logs ("1").
My_MsgToBrobuf3_L1_29DEA1_Start$ = mod.main()+29DEA1
bp My_MsgToBrobuf3_L1_29DEA1_Start$, "My_MsgToBrobuf3_L1_29DEA1_Start"
bpcnd My_MsgToBrobuf3_L1_29DEA1_Start$ , "0"
bplogcondition My_MsgToBrobuf3_L1_29DEA1_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog My_MsgToBrobuf3_L1_29DEA1_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf3_L1_29DEA1 Start ...  callAddrRva={mod.rva([esp])}"
labelset My_MsgToBrobuf3_L1_29DEA1_Start$, "My_MsgToBrobuf3_L1_29DEA1_Start"


// Exit probe at RVA 29DF85; pair it with the Start line by tid and time.
My_MsgToBrobuf3_L1_29DEA1_End$ = mod.main()+29DF85
bp My_MsgToBrobuf3_L1_29DEA1_End$, "My_MsgToBrobuf3_L1_29DEA1_End"
bpcnd My_MsgToBrobuf3_L1_29DEA1_End$ , "0"
bplogcondition My_MsgToBrobuf3_L1_29DEA1_End$, "1"
bplog My_MsgToBrobuf3_L1_29DEA1_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: My_MsgToBrobuf3_L1_29DEA1 End ...  "
labelset My_MsgToBrobuf3_L1_29DEA1_End$, "My_MsgToBrobuf3_L1_29DEA1_End"





//
// Tgt_SendMsg
//

// Entry probe for the candidate labelled Tgt_SendMsg at main-module RVA 424CCB2:
// never breaks ("0"), always logs ("1").
Tgt_SendMsg_Start$ = mod.main()+424CCB2
bp Tgt_SendMsg_Start$, "Tgt_SendMsg_Start"
bpcnd Tgt_SendMsg_Start$ , "0"
bplogcondition Tgt_SendMsg_Start$, "1"
// callAddrRva is the RVA of the dword at [esp]; that is the return address
// provided this address is the function's first instruction (TODO confirm).
bplog Tgt_SendMsg_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: Tgt_SendMsg Start ...  callAddrRva={mod.rva([esp])}"
labelset Tgt_SendMsg_Start$, "Tgt_SendMsg_Start"


// Exit probe at RVA 424CFFC (written with a leading zero below).
Tgt_SendMsg_End$ = mod.main()+0424CFFC
bp Tgt_SendMsg_End$, "Tgt_SendMsg_End"
bpcnd Tgt_SendMsg_End$ , "0"
bplogcondition Tgt_SendMsg_End$, "1"
bplog Tgt_SendMsg_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: Tgt_SendMsg End ...  "
labelset Tgt_SendMsg_End$, "Tgt_SendMsg_End"






//
// WSASend
//

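// Log-only probe on the ws2_32.WSASend export: never breaks ("0"), always logs ("1").
WSASend_Start$ = ws2_32.WSASend
bp WSASend_Start$, "WSASend_Start"
bpcnd WSASend_Start$ , "0"
bplogcondition WSASend_Start$, "1"
// WSASend takes seven parameters: s, lpBuffers, dwBufferCount,
// lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine. With
// zero-based arg.get(), lpOverlapped is index 5 and lpCompletionRoutine is
// index 6; indices 3 and 4 are lpNumberOfBytesSent and dwFlags. Logging the
// real lpOverlapped lets this line be matched against the *lpOverlapped value
// in the GetQueuedCompletionStatus End log.
bplog WSASend_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: WSASend Start ... socket={arg.get(0)}, pBufs={arg.get(1)}, dwBufCnt={arg.get(2)}, lpOvlpd={arg.get(5)}, pRoutine={arg.get(6)} callAddrRva={mod.rva([esp])}"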






//
// GetQueuedCompletionStatus
//

// Log-only probe on the KernelBase.GetQueuedCompletionStatus export: never
// breaks ("0"), always logs ("1").
GetQueued_Start$ = KernelBase.GetQueuedCompletionStatus
bp GetQueued_Start$, "GetQueuedCompletionStatus Start"
bpcnd GetQueued_Start$ , "0"
bplogcondition GetQueued_Start$, "1"
// Reads the five stack arguments directly: [esp+4] through [esp+14], with
// [esp] as the return address. The field separators in this log text are
// full-width commas, which matters when parsing the log.
bplog GetQueued_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}:  GetQueued start ... CmpPort={[esp+4]}，pNum={[esp+8]}，lpKey={[esp+c]}，lpOlpd={[esp+10]}，dwMilliseconds={[esp+14]}，callAddrRva={mod.rva([esp])}"



// Laptop on the left
// GetQueued_End$ = KernelBase+14473D
// Desktop on the right
// NOTE(review): this is a hard-coded offset into a system DLL; it matches on the
// two machines noted above but should be re-checked whenever KernelBase changes
// (for example after a Windows update), or the probe lands on unrelated code.
GetQueued_End$ = KernelBase+14473D 
bp GetQueued_End$ , "GetQueuedCompletionStatus End"
bpcnd GetQueued_End$ , "0"
bplogcondition GetQueued_End$, "1"
// Dereferences the three output pointers (arguments 1-3) and logs eax as the
// return value. NOTE(review): arg.get() is resolved from the current stack
// pointer, so this presumably relies on esp pointing at the return address at
// this offset (e.g. the probe sits on the ret) - confirm.
bplog GetQueued_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}:  GetQueued End ... *pNum={[arg.get(1)]}，*pCmpKey={[arg.get(2)]}，*lpOverlapped={[arg.get(3)]}，dwMilliseconds={arg.get(4)}，retValue={eax}"
labelset GetQueued_End$ , "GetQueuedCompletionStatus End"





//
// PostQueuedCompletionStatus 143F90
//

// Log-only probe on the KernelBase.PostQueuedCompletionStatus export: never
// breaks ("0"), always logs ("1").
PostQueued_Start$ = KernelBase.PostQueuedCompletionStatus
bp PostQueued_Start$, "PostQueuedCompletionStatus Start"
bpcnd PostQueued_Start$ , "0"
bplogcondition PostQueued_Start$, "1"
// Logs the four arguments by zero-based index plus the RVA of the dword at
// [esp]. The field separators in this log text are full-width commas.
bplog PostQueued_Start$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: PostQueued start ... CmpPort={arg.get(0)}，numTransfer={arg.get(1)}，dwCompletionKey={arg.get(2)}，lpOverlapped={arg.get(3)}，callAddrRva={mod.rva([esp])}"


// Laptop on the left
// PostQueuedCompletionStatus_End$ = KernelBase+143FB9
// Desktop on the right
// NOTE(review): this is a hard-coded offset into a system DLL; it matches on the
// two machines noted above but should be re-checked whenever KernelBase changes
// (for example after a Windows update), or the probe lands on unrelated code.
PostQueuedCompletionStatus_End$ = KernelBase+143FB9
bp PostQueuedCompletionStatus_End$, "PostQueuedCompletionStatus End"
bpcnd PostQueuedCompletionStatus_End$ , "0"
bplogcondition PostQueuedCompletionStatus_End$, "1"
// eax is logged as the function's return value.
bplog PostQueuedCompletionStatus_End$, "tid={tid()} time={GetTickCount()} RVA={mod.rva(eip)}: PostQueuedCompletionStatus End ... retValue={eax}"
labelset PostQueuedCompletionStatus_End$ , "PostQueuedCompletionStatus End"
